• Leads Asurion's Security Risk Management capability and is part of the Asurion Security Leadership Team.• Identifies, assesses, quantifies and presents security risks for treatment decisions so that informed business decisions can be made.• Collaborates cross functionally with executives in the reporting of risks (includes Legal, HR, Client Services, Product Development, Technology, Finance, Internal Audit, etc) to ensure enterprise visibility.• Facilitates discussions regarding risk mitigation strategies and risk appetite.• Tracks risks in the Risk Register and Risk Heat Map.• Provides oversight to mitigation projects within the program.• Assesses maturity and effectiveness of security program controls against the NIST CSF and ISO 27002 frameworks.• Led the Enterprise Technology & Security Women’s Committee (which was focused on promoting gender diversity) for 3 years.

• Led the IT Audit, Compliance and Risk Management team.• Managed client driven audits of Asurion security controls, represented the company and coordinated any remediation. • Responsible for the completion of annual PCI testing and attestation (SAQ-D, AOC). • IT liaison for 3rd party testing of Asurion's IT General Controls for the annual SOC1 audit.• Updated security documentation including Security Policies, Standards, and Procedures.• Maintained Technology Risk Manager responsibilities in addition to performing the Audit & Compliance role.

• Identified, assessed, quantified and presented security risks for treatment decisions so that informed business decisions are made.• Facilitated discussions regarding risk mitigation strategies and risk appetite.• Tracked risks in the Risk Register and Risk Heat Map.• Provided oversight to mitigation projects within the program.• Assessed maturity and effectiveness of security program controls against the NIST CSF and ISO 27002 frameworks.

• Lead and executed security audits of IT controls to identify compliance gaps.• Conducted audit preparation training for internal personnel prior to 3rd party audits (SOC1 ITGC and client led audits).• Partnered with Legal to provide guidance and align proposed contractual terms with current security capabilities.• Provided security consulting services to IT and Business units.• Performed entitlement reviews of access rights using IAM toolset.• Assisted with the implementation of a Vendor Risk Management program and GRC toolset.

• Responsible for the implementation of an enterprise level business continuity and disaster recovery (BC/DR) program for DISH.• Performed business impact analysis of applications to help identify and document dependencies, business functions and criticality of systems.• Worked with business owners to determine recovery timelines (RPOs/RTOs) for business applications.• Collaborated with IT and business units to leverage and enhance existing toolsets and organizational functions for BC/DR purposes.

• Responsible for the delivery of all projects within the Information Security program.• Managed annual PCI DSS Level 1 merchant re-certification, SOX 404 ITGC audits and drove related remediation efforts.• Provided consulting services to IT and business units to help design effective and cost efficient controls to ensure continuous adherence to laws, rules, and regulations. • Tracked and presented status of policy violations, audit findings and security risks to executive management.• Assisted with the development of IT security policies and IT training on topics such as PCI, SOX and Security Best Practices to ensure consistent communication and adoption of practices.• Conducted risk identification interviews and assisted with the creation of an annual IT Risk Assessment Report.